A vulnerability disclosure policy (VDP), also referred to as a responsible disclosure policy, describes how an organization will handle reports of vulnerabilities submitted by ethical hackers. A VDP must thus be easily identifiable via a simple way, a security.txt notice.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:koos+security@idefix.net
Expires: 2025-01-01T00:00:00.000Z
Encryption: openpgp4fpr:979BCF89EBBF9AC96A14F56A5BA9368BE6F334E4
Encryption: https://idefix.net/~koos/PGP-key-koos-2016.asc

# This is not a beg bounty program, see https://www.troyhunt.com/beg-bounties/
# for an explanation.
# This is a simple pointer where to report any security issues you find here
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEchjCCQ/j5W3qeuMLOxfJq+SjyRYFAmRSLR0ACgkQOxfJq+Sj
yRZLcRAAi410Ohgs8TVY+dCT8aXkqvSWcBoI9hk/JsyUphzpLf43Os4cIsStwT2Q
st0znZuTsjMGimVoxMnZ6/o2/b/JqrO2BfrDgIZ1XQPbnPK6reIM0tw761khiazx
BBgP0dW+2S3Lnv20ERYYhrYhBSNI7+ysxfVFytTdmBlQYO02Wvx6X7UQz+kBZ2oi
OupAO6WaEGecJfxyY0QaUcdfNSTtJfsx2wDSRIafUoWvIBx8yTux4owph1kDE3zY
6171l+KCseHsYm1EgRVPFQEzCZI9NVIML/Nwo0zps+Fai9JCPqINofC8E96+Zq4A
rkUM7qCx8rBlkAkxNjc6OqMvKgGY386zAMpx3tFb6wNmInYGdVf7n+/n5prEXDnq
f5kTUcgRyAKfWyAIkEOikVJ/CE1Rr10UWrmNvXNpN95BACI5EzWWqmqCrKvu/mBw
BHZRzVV9QfgeRoA+5kYkCJR0F4wnFbekKzi1O+uavCRenP/VIGCdJRM3StiqG+C5
R91mqLaXCIc+Dcesy78de1M8y2rALpWNR7dKQspjJdxETSZpJ46zQOkoZyDIR8Ov
p++swndy0GsixiESVWJRhgBwl6Lll9EtwgrTtLqZ1Zew29QkG05AnOiUg2Ql6bVN
cOpjwGsUf3xvK2EOCHzrpSKxsZduAp/TXDnTxrTAs1CspF0kCbg=
=cIO6
-----END PGP SIGNATURE-----